Merge pull request #52 from docker/v1.0.0

Publish v1.0.0 release

dist/docker-scout_1.0.0_checksums.txt

@@ -0,0 +1,6 @@
+26f826e98ac14e6710715a57d6004ca3de35c4ada65e10a86066c1987f407392  docker-scout_1.0.0_darwin_arm64.tar.gz
+5c7b9815ba20a1a7b9c86ccaff1e731d78a0e767b1966fcbeb7fb877cb383196  docker-scout_1.0.0_darwin_amd64.tar.gz
+6764a509696a6ab873850e3049ffaed70527059f6c523e724f496863e2dde20e  docker-scout_1.0.0_linux_arm64.tar.gz
+77db7c285637d1e5f3c5f573c2c62e9aff8087c182ba0ee6948c6607d5549e6e  docker-scout_1.0.0_linux_amd64.tar.gz
+90a1051da750661333e8817c10e1f1f4acc8f080676145f53a23dd4997a8c89c  docker-scout_1.0.0_windows_arm64.zip
+d1ba1b78310643f56988a197c28404c6f7ea5fd329d34d1a20cfb81f6d7cba23  docker-scout_1.0.0_windows_amd64.zip

docs/docker_scout.yaml

@@ -11,6 +11,7 @@ cname:
     - docker scout cves
     - docker scout enroll
     - docker scout environment
+    - docker scout integration
     - docker scout quickview
     - docker scout recommendations
     - docker scout repo
@@ -22,6 +23,7 @@ clink:
     - docker_scout_cves.yaml
     - docker_scout_enroll.yaml
     - docker_scout_environment.yaml
+    - docker_scout_integration.yaml
     - docker_scout_quickview.yaml
     - docker_scout_recommendations.yaml
     - docker_scout_repo.yaml

docs/docker_scout_cache_df.yaml

@@ -53,10 +53,6 @@ examples: |-
       sha256:174c41d4fbc7f63e1f2bb7d2f7837318050406f2f27e5073a84a84f18b48b883 │ 115 kB
 
     Total: 4 MB
-
-
-    What's Next?
-      Delete all cached SBOMs → docker scout prune
     ```
 deprecated: false
 experimental: false

docs/docker_scout_compare.yaml

@@ -16,6 +16,7 @@ long: |-
     - Images
     - OCI layout directories
     - Tarball archives, as created by `docker save`
+    - Local directory or file
 
     The tool analyzes the provided software artifact, and generates a vulnerability report.
 
@@ -25,7 +26,15 @@ long: |-
     - `curlimages/curl:7.87.0`
     - `mcr.microsoft.com/dotnet/runtime:7.0`
 
-    If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` or `--to-type` flag.
+    If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
+    or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
+
+    - `image://` (default) use a local image, or fall back to a registry lookup
+    - `local://` use an image from the local image store (don't do a registry lookup)
+    - `registry://` use an image from a registry (don't use a local image)
+    - `oci-dir://` use an OCI layout directory
+    - `archive://` use a tarball archive, as created by docker save
+    - `fs://` use a local directory or file
 usage: docker scout compare --to IMAGE|DIRECTORY|ARCHIVE [IMAGE|DIRECTORY|ARCHIVE]
 pname: docker scout
 plink: docker_scout.yaml
@@ -54,6 +63,16 @@ options:
       experimentalcli: false
       kubernetes: false
       swarm: false
+    - option: hide-policies
+      value_type: bool
+      default_value: "false"
+      description: Hide policy status from the output
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
     - option: ignore-base
       value_type: bool
       default_value: "false"
@@ -168,7 +187,7 @@ options:
       value_type: string
       description: |-
         Reference to use if the provided tarball contains multiple references.
-        Can only be used with --type archive.
+        Can only be used with archive.
       deprecated: false
       hidden: false
       experimental: false
@@ -207,7 +226,7 @@ options:
       value_type: string
       description: |-
         Reference to use if the provided tarball contains multiple references.
-        Can only be used with --type archive.
+        Can only be used with archive.
       deprecated: false
       hidden: false
       experimental: false
@@ -223,36 +242,6 @@ options:
       experimentalcli: false
       kubernetes: false
       swarm: false
-    - option: to-type
-      value_type: string
-      default_value: image
-      description: |-
-        Image type to analyze. Can be one of:
-        - image
-        - oci-dir
-        - archive (docker save tarball)
-        - fs (directory or file)
-      deprecated: false
-      hidden: false
-      experimental: false
-      experimentalcli: false
-      kubernetes: false
-      swarm: false
-    - option: type
-      value_type: string
-      default_value: image
-      description: |-
-        Type of the image to analyze. Can be one of:
-        - image
-        - oci-dir
-        - archive (docker save tarball)
-        - fs (directory or file)
-      deprecated: false
-      hidden: false
-      experimental: false
-      experimentalcli: false
-      kubernetes: false
-      swarm: false
 inherited_options:
     - option: debug
       value_type: bool
@@ -271,6 +260,12 @@ examples: |-
     $ docker scout compare --to namespace/repo:latest
     ```
 
+    ### Compare local build to the same tag from the registry
+
+    ```console
+    $ docker scout compare local://namespace/repo:latest --to registry://namespace/repo:latest
+    ```
+
     ### Ignore base images
 
     ```console
@@ -288,6 +283,12 @@ examples: |-
     ```console
     $ docker scout compare --only-package-type maven --only-severity critical --to namespace/repo:latest namespace/repo:v1.2.3-pre
     ```
+
+    ### Show all policy results for both images
+
+    ```console
+    docker scout compare --to namespace/repo:latest namespace/repo:v1.2.3-pre
+    ```
 deprecated: false
 experimental: false
 experimentalcli: true

docs/docker_scout_cves.yaml

@@ -10,6 +10,7 @@ long: |-
     - Images
     - OCI layout directories
     - Tarball archives, as created by `docker save`
+    - Local directory or file
 
     The tool analyzes the provided software artifact, and generates a vulnerability report.
 
@@ -19,7 +20,15 @@ long: |-
     - `curlimages/curl:7.87.0`
     - `mcr.microsoft.com/dotnet/runtime:7.0`
 
-    If the artifact you want to analyze is an OCI directory or a tarball archive, you must use the `--type` flag.
+    If the artifact you want to analyze is an OCI directory, a tarball archive, a local file or directory,
+    or if you want to control from where the image will be resolved, you must prefix the reference with one of the following:
+
+    - `image://` (default) use a local image, or fall back to a registry lookup
+    - `local://` use an image from the local image store (don't do a registry lookup)
+    - `registry://` use an image from a registry (don't use a local image)
+    - `oci-dir://` use an OCI layout directory
+    - `archive://` use a tarball archive, as created by docker save
+    - `fs://` use a local directory or file
 usage: docker scout cves [OPTIONS] [IMAGE|DIRECTORY|ARCHIVE]
 pname: docker scout
 plink: docker_scout.yaml
@@ -57,11 +66,7 @@ options:
     - option: format
       value_type: string
       default_value: packages
-      description: |-
-        Output format of the generated vulnerability report:
-        - packages: default output, plain text with vulnerabilities grouped by packages
-        - sarif: json Sarif output
-        - markdown: markdown output (including some html tags like collapsible sections)
+      description: "Output format of the generated vulnerability report:\n- packages: default output, plain text with vulnerabilities grouped by packages\n- sarif: json Sarif output\n- spdx: json SPDX output \n- markdown: markdown output (including some html tags like collapsible sections)"
       deprecated: false
       hidden: false
       experimental: false
@@ -214,7 +219,7 @@ options:
       value_type: string
       description: |-
         Reference to use if the provided tarball contains multiple references.
-        Can only be used with --type archive.
+        Can only be used with archive.
       deprecated: false
       hidden: false
       experimental: false
@@ -230,21 +235,6 @@ options:
       experimentalcli: false
       kubernetes: false
       swarm: false
-    - option: type
-      value_type: string
-      default_value: image
-      description: |-
-        Type of the image to analyze. Can be one of:
-        - image
-        - oci-dir
-        - archive (docker save tarball)
-        - fs (directory or file)
-      deprecated: false
-      hidden: false
-      experimental: false
-      experimentalcli: false
-      kubernetes: false
-      swarm: false
     - option: vex
       value_type: bool
       default_value: "false"
@@ -302,7 +292,7 @@ examples: |-
     ```console
     $ docker save alpine > alpine.tar
 
-    $ docker scout cves --type archive alpine.tar
+    $ docker scout cves archive://alpine.tar
     Analyzing archive alpine.tar
         ✓ Archive read
         ✓ SBOM of image already cached, 18 packages indexed
@@ -314,14 +304,20 @@ examples: |-
     ```console
     $ skopeo copy --override-os linux docker://alpine oci:alpine
 
-    $ docker scout cves --type oci-dir alpine
+    $ docker scout cves oci-dir://alpine
     Analyzing OCI directory alpine
         ✓ OCI directory read
         ✓ Image stored for indexing
         ✓ Indexed 19 packages
         ✓ No vulnerable package detected
     ```
 
+    ### Display vulnerabilities from the current directory
+
+    ```console
+    $ docker scout cves fs://.
+    ```
+
     ### Export vulnerabilities to a SARIF JSON file
 
     ```console

docs/docker_scout_integration.yaml

@@ -0,0 +1,30 @@
+command: docker scout integration
+short: Commands to list, configure, and delete Docker Scout integrations
+long: Commands to list, configure, and delete Docker Scout integrations
+pname: docker scout
+plink: docker_scout.yaml
+cname:
+    - docker scout integration configure
+    - docker scout integration delete
+    - docker scout integration list
+clink:
+    - docker_scout_integration_configure.yaml
+    - docker_scout_integration_delete.yaml
+    - docker_scout_integration_list.yaml
+inherited_options:
+    - option: debug
+      value_type: bool
+      default_value: "false"
+      description: Debug messages
+      deprecated: false
+      hidden: true
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
+deprecated: false
+experimental: false
+experimentalcli: false
+kubernetes: false
+swarm: false
+

docs/docker_scout_integration_configure.yaml

@@ -0,0 +1,53 @@
+command: docker scout integration configure
+short: Configure or update a new integration configuration
+long: |
+    The docker scout integration configure command creates or updates a new integration configuration for an organization.
+usage: docker scout integration configure INTEGRATION
+pname: docker scout integration
+plink: docker_scout_integration.yaml
+options:
+    - option: name
+      value_type: string
+      description: Name of integration configuration to create
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
+    - option: org
+      value_type: string
+      description: Namespace of the Docker organization
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
+    - option: parameter
+      value_type: stringSlice
+      default_value: '[]'
+      description: Integration parameters in the form of --parameter NAME=VALUE
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
+inherited_options:
+    - option: debug
+      value_type: bool
+      default_value: "false"
+      description: Debug messages
+      deprecated: false
+      hidden: true
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
+deprecated: false
+experimental: false
+experimentalcli: false
+kubernetes: false
+swarm: false
+